CSCI 415 Fall 2009 Dr. Nazli Hardy 1Lab 7: PGP Due: 11/4/09 in class Pretty Good Privacy (PGP was initially created to encrypt individual messages – but now it is so much more, including protecting or shredding stored data. There are commercial and freeware versions of PGP, with the latter having less functionality. The commercial version of PGP supports both symmetric encryption and PKI; it also creates message digests using hashing algorithms. Algorithms supported by PGP Sample Symmetric key AES, IDEA, TripleDES, Twofish PKI RSA Hashing SHA-1, MD5 Objectives of the Lab: to gain a working understanding of PGP and PKI Important: Although the instructions are quite thorough, this lab does take some time to complete properly. It may require a degree of trial and error and thought. Please be sure to start early so that you can play around with the tools. In fact, the lab requires you to familiarize yourself enough to do the last parts on your own. 1. Start up your VM 2. Click on the link below for the trial version page of PGP at http://www.pgp.com/downloads/desktoptrial/desktoptrial2.html 3. Read the page and then Accept the License Agreement Note: The version you are downloading is valid for only 30 days – after that you will only be able to decrypt email messages, but not encrypt any new ones. But remember there are versions that are completely free (though with limited functionality) that are available to you as scholars.CSCI 415 Fall 2009 Dr. Nazli Hardy 24. You will need to provide your name/ alias and a proper email address. 5. PGP will email you a personalized link for the actual PGP download. 6. Your email will contain a .pdf file that contains your License Number, amongst other things. Make note of this number since you will need it soon. 7. Carry out the installation process 8. You will need to restart your machine (VM)CSCI 415 Fall 2009 Dr. Nazli Hardy 39. Enable PGP 10. At this point you will be asked to enter your license number – go ahead. 11. Identify yourself as a new userCSCI 415 Fall 2009 Dr. Nazli Hardy 4 12. Click on “Next” or “Skip” 13. Enter your information again 14. Enter your passphrase – you can choose to either show your keystroke or hide your typing. Remember it! (Yours truly forgot hers and had to start all over again!)CSCI 415 Fall 2009 Dr. Nazli Hardy 515. Congrats! – But keep going 16. Publish your public key to the PGP Global DirectoryCSCI 415 Fall 2009 Dr. Nazli Hardy 6 Note: you will need to restart your vm soon to be able to use PGP.CSCI 415 Fall 2009 Dr. Nazli Hardy 7 17. Click on Start and then PGP Desktop 18. Shred a file (you may have to create one that you don’t want to see ever again)CSCI 415 Fall 2009 Dr. Nazli Hardy 819. Search for your classmates public keys 20. Play around . Click on “All Keys” and “My Private Keys” on the left bar 21. You can email your public key to anyoneCSCI 415 Fall 2009 Dr. Nazli Hardy 9Some additional steps 22. Check your email for this message and complete the verification keyCSCI 415 Fall 2009 Dr. Nazli Hardy 10 23. In order to send/receive encrypted email to/from your friends’ search for their email addresses here: https://keyserver2.pgp.com/vkd/GetWelcomeScreen.eventCSCI 415 Fall 2009 Dr. Nazli Hardy 11CSCI 415 Fall 2009 Dr. Nazli Hardy 12CSCI 415 Fall 2009 Dr. Nazli Hardy 13 23. Send an email to your designated friend 24. Click on the PGP icon on the bottom right hand corner 25. There are a few was to carry out the next step – but most of you will be able to use the “Current Window” and “Encrypt & Sign”CSCI 415 Fall 2009 Dr. Nazli Hardy 1426. Add your recipients (try to figure this out …) 27. At this point you will see this pop-up window or or you may need to re-enter your passphrase depending on much time has elapsedCSCI 415 Fall 2009 Dr. Nazli Hardy 15CSCI 415 Fall 2009 Dr. Nazli Hardy 16At this point you should be able to figure out how to do the following: send an encrypted message to your designated friend in class – his/her email address and public key should be in the PGP global directory have someone in class send you an encrypted message using your email address/public key from the PGP global directory decrypt this email sent to you Please spend a few hours over the week to find your way through PGP. What to hand in Print a screen shots of the a. encrypted email you have received (please include the address of the sender and the time it was sent). Paste onto a Word document (with you name, class, professor, date) b. decrypted version of the email message (for which you used your private
View Full Document